Security audit
InsightClaw Plugin
Security checks across malware telemetry and agentic risk
Overview
InsightClaw appears to be a real observability plugin, but its privacy controls are ambiguous because some prompt and hook data can be captured outside the main content-capture toggle.
Review this carefully before installing in environments with private prompts, tool outputs, customer data, or secrets. Use only trusted OTLP endpoints, avoid the NODE_OPTIONS preload unless full LLM content tracing is acceptable, and assume action-hook events may appear in local logs even when captureContent is disabled.
VirusTotal
65/65 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
